I don't mean sandboxing within Flash, I mean sandboxing at the OS level.
Executing a script is kind of sandboxing anyway. If the Flash developers screw that up, then that they also screw up a sandbox they tossed around it isn't much of a surprise. I'm sure they could add a few more sandboxes around that and still have things slip through.
What I mean is like how Linux is very good at preventing me from changing the system time without root permissions, perhaps when an ordinary user runs an application, it could be just as good at not letting that application open random files without the user's permission.
OSs are unfortunately designed to serve applications, not users. If a program wants to intercept keystrokes sent to other applications so that it can catch your passwords, there's an API call for that. If a program wants to scan your entire filesystem looking for sensitive information, there's an API for that. If a program wants to run continuously without showing up in the GUI so that the user doesn't realize it's running, well, it doesn't even need an API call for that, as that's quite sadly the default.
Meanwhile, users have no easy way to see what the applications they're running are up to. Want to know if a program decides to access your personal files? Too bad, as not only does your OS not allow you to protect those files from random applications, it doesn't even offer you a way to see that an application is accessing those files. Want to know if any programs are currently piping data out to the internet? Hope you have a router with a useful link activity indicator, because your OS isn't going to tell you when your network is being used at all, never mind which programs are using it and how much they're using it, and it certainly isn't going to let you configure which programs can and cannot access the internet when you first run them, and it especially isn't going to give you easy-to-use fine-grained control over what the application is allowed to do (like blocking SMTP access to all programs by default, making it very difficult for any random software to become part of a spam botnet). Nope, the way you're supposed to ensure the security of your computer is to psychically know which programs are trustworthy and which are not.
To make this even more absurd, they then go to signed executables, so that we can trust that code came from someone we trust, because even if we honestly do trust Adobe to do nothing bad to our computers, and we're not simply using Adobe's code because we bought our computers because we need to get shit done and we can't get shit done if we don't run software, we've still got the issue that the completely trustworthy Adobe is rather incompetent and so even if they didn't intend for their software to do bad things, it will do bad things just as soon as someone figures out how to exploit it.
Obviously there's always the possibility for exploits, and so sandboxing won't be a perfect solution, but I think the kernel authors have a better track record in that regard than Adobe does. ...and of course, failing to do something at all isn't any better than trying to do it and being only 99% successful.
I've heard that Android almost did this correctly, with the list of app permissions you have to approve for each new app. The problem is that you then have to wonder why apps want each permission. So do you reject the app because it's asking for something you think it doesn't need, or do you assume (possibly correctly) that it has some feature which you haven't thought of that requires that permission and so it does have a legitimate reason to ask for it? If it were done correctly, you could just say no to any permission you don't want to grant, and the application would simply be told that it doesn't have it. Then if you go to use that feature, the application could tell you "I can't do that unless I have permission to access ____" at which point it either makes sense that it now needs that permission, or it still doesn't make sense and you can continue to say no while continuing to use the application for whatever else it is good for.
I mean, people buy computers to run software. It's dumb as fuck that they're then told "don't run software" because their operating systems are inadequately designed to deal with anything besides perfectly well-behaved software.
The saddest part of the whole deal is when I'm talking with kids about software programming and they want me to check out some program they've written and I then have to wonder "has this kid just discovered how to delete files and thinks it'd be a hilarious prank to delete them all?" Why can't I just run that program and trust that my OS isn't going to let it delete every file I own? I mean, just how many programs outside of my system's file manager do I want to have that kind of unrestricted access to my filesystem? It just doesn't make any sense that that kind of unrestricted access is the default, as I can think of very few pieces of software that need it, and every single one of them came with my OS, and so nothing I download needs that kind of access when I run it.
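The deny-and-degrade permission model the post sketches (the user grants only some of what an app asks for, the app is told what it lacks and keeps working, and the user can see what the app did) is concrete enough to model in code. The following is an added example and not code from the thread: a small userspace permission broker in Python with a hypothetical `NotesApp` that can only reach the filesystem and network through it. Directory grants are matched after `os.path.realpath`, so a path that walks out of the granted directory via `..` or a symlink is refused; outbound ports default to none, so SMTP (tcp/25) is denied unless the user adds it; and every decision lands in an audit list. The temp-directory layout and file contents are constructed for the demo. This models the policy logic only; a real OS would enforce it in the kernel rather than trust the app to call the broker.

```python
"""Deny-and-degrade permission broker (added illustration, not part of the thread).

A userspace model of the scheme described in the post: privileged requests go
through a broker, refused requests are reported back so the app can degrade
gracefully, and every decision is logged for the user to inspect.
"""
import os
import tempfile
from dataclasses import dataclass, field


class PermissionDenied(Exception):
    """Handed to the app instead of a silent failure or a silent success."""


@dataclass
class Policy:
    fs_grants: set = field(default_factory=set)   # {("read", "/abs/dir"), ...}
    net_ports: set = field(default_factory=set)   # outbound TCP ports the user allowed
    audit: list = field(default_factory=list)     # what the user gets to see afterwards

    def _decide(self, app, allowed, what):
        self.audit.append(f"{app}: {'ALLOW' if allowed else 'DENY'} {what}")
        if not allowed:
            raise PermissionDenied(what)

    def check_fs(self, app, mode, path):
        # Resolve symlinks and ".." before matching so a grant on one directory
        # cannot be stretched to cover its parent or a sibling.
        real = os.path.realpath(path)
        allowed = any(
            gmode == mode and (real == root or real.startswith(root.rstrip("/") + "/"))
            for gmode, root in self.fs_grants
        )
        self._decide(app, allowed, f"{mode} {real}")
        return real

    def check_net(self, app, port):
        # The default grant set is empty, so tcp/25 (SMTP) is refused unless
        # the user explicitly adds it: the post's anti-spam-bot default.
        self._decide(app, port in self.net_ports, f"connect tcp/{port}")


class NotesApp:
    """Hypothetical application that only touches the OS through the broker."""
    name = "notes-app"

    def __init__(self, policy):
        self.policy = policy

    def _degrade(self, err):
        # The wording the post asks for: say what is missing, keep running.
        return f"I can't do that unless I have permission to {err}"

    def read_note(self, path):
        try:
            real = self.policy.check_fs(self.name, "read", path)
        except PermissionDenied as err:
            return self._degrade(err)
        with open(real) as fh:
            return fh.read()

    def delete_note(self, path):
        try:
            real = self.policy.check_fs(self.name, "write", path)
        except PermissionDenied as err:
            return self._degrade(err)
        os.remove(real)
        return "deleted"

    def sync_over_smtp(self):
        try:
            self.policy.check_net(self.name, 25)
        except PermissionDenied as err:
            return self._degrade(err)
        return "sent"


def demo():
    """Grant read-only access to one directory; everything else is refused."""
    home = os.path.realpath(tempfile.mkdtemp())          # constructed sandbox home
    notes = os.path.join(home, "notes")
    os.mkdir(notes)
    note = os.path.join(notes, "todo.txt")
    secret = os.path.join(home, "passwords.txt")          # outside the granted dir
    for path, text in ((note, "buy milk"), (secret, "hunter2")):
        with open(path, "w") as fh:
            fh.write(text)
    escaped = os.path.join(notes, "..", "passwords.txt")  # walks out of the grant

    policy = Policy(fs_grants={("read", notes)})          # user said yes to read only
    app = NotesApp(policy)
    results = {
        "read_note": app.read_note(note),
        "read_secret": app.read_note(escaped),
        "delete_note": app.delete_note(note),
        "smtp": app.sync_over_smtp(),
        "secret_intact": os.path.exists(secret),
        "note_intact": os.path.exists(note),
    }
    return results, list(policy.audit)


if __name__ == "__main__":
    results, audit = demo()
    for key, value in results.items():
        print(f"{key}: {value}")
    print("\n".join(audit))
```

The app never sees the refused resource; it gets a `PermissionDenied` naming what was missing and turns it into the "I can't do that unless..." message, which is exactly the point at which the user can decide whether the request makes sense. The audit list is the visibility the post says users lack today.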